General
-
Target
0294615fc575b818ff89e21e3b3147875a4dcb6d0561da2f1b2048d93777c560
-
Size
121KB
-
Sample
220520-14h3dsefa7
-
MD5
163e20ac0095cbe449e3aa5e5982303a
-
SHA1
3cbf2b43d06a3d95c34312e28292f3b13661fd86
-
SHA256
0294615fc575b818ff89e21e3b3147875a4dcb6d0561da2f1b2048d93777c560
-
SHA512
5eca344cf67ee64cfa29e511c7bffe3261dd69117364296b0c3f5935d16b2efcd428950bd5bf080ba9b5e699ab96f74941116c4e9f724ff009a1b681a64c6fea
Malware Config
Extracted
http://casaroomz.com/wp-includes/rPG/
http://necibekulac.com/wp-content/dTl4ul/
https://www.homeonetechnologies.com/blog/dcy/
http://todoparaelconfort.com/cgi-bin/wp/
http://aadarshitibhusawal.org/wp-includes/amI/
http://digiarmedia.com/wp-admin/8/
http://avcumda.com/huseyingulgec.com.tr/cO1DS8G/
Targets
-
-
Target
sample
-
Size
231KB
-
MD5
ef23e871496fbbf106a11396229d08ad
-
SHA1
67c0768dada87684b81d4a37af415a2c5c7cd1e4
-
SHA256
4a883ec03aa2a167f2ebe1778ce38fda19b778b00286254daf1de8d39a6d1944
-
SHA512
ed02900349fa00d7f1d55a0f5f473c1647831e1b6fb831b66fb3cdb8af0aa4a6df495c0f5cbd94b40a260c027d9b2e6cdcc352543df499a4574389a8bc037dc5
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-